unbound as a proxy of authoritative server
François Lafont
francois.lafont.1978 at gmail.com
Sun Sep 21 15:18:06 UTC 2025
Hi,
Is it possible with unbound to use it as a proxy
of authoritative server? For instance, if I try
a configuration like that (which doesn't work):
#------------------------------
server:
[...]
local-zone: "domain.tld." always_transparent
stub-zone:
name: "domain.tld."
stub-addr: "W.X.Y.Z1" # IP address of authoritative server 1.
stub-addr: "W.X.Y.Z2" # IP address of authoritative server 2.
stub-no-cache: yes
#------------------------------
In this case, if I request the unbound server with
a _recursive_ request, I have a response from the
"domain.tld." authoritative servers. OK, but:
* I have no "aa" flag (ie authoritative answer).
* A no-recursive request doesn't work (REFUSED).
Of course it's logical I knew that this configuration
doesn't work. What I want is that, from the client side,
unbound behaves as if it was a "domain.tld."
authoritative server so that:
* I have the "aa" flag in response.
* A no-recursive request work.
I have found in the doc the "auth-zone" but I don't want
so store a copy of the zone in the unbound server. I would
like a forward to the real authoritative servers (with no
cache).
Is is possible to do that with unbound? Maybe not?
Thanks.
--
François Lafont
More information about the Unbound-users
mailing list